Discover and read the best of Twitter Threads about #mAadhaar

Most recents (3)

1/ Go through this tweets thread👇(especially don’t miss 11/ in this thread) to understand how persons like @fs0c131y are running #propaganda against our govt apps.
It will explain how for famous govt apps claims of #hacking or security issues are made while hiding the #reality
2/ First thing is you have to look like a pro hacker like those you see in movies or web series
—> yes you thought it right! You can even use name of a famous fictional character from web series or movies say #ElliotAlderson in #MrRobot web series. How cool that is! Isn’t it?🤔
3/ To look more cool 😎 hacker
—> You need some fancy terminal and fancy font. Powerline font and Oh-my-zsh with the Agnoster theme would be cool.
—> use curl for making requests to app server (you can even avoid posting the response in case you did not get desired response 😂)
Read 13 tweets
1/ Few days back a hacker claimed that he has found some serious security flaws in @SetuAarogya and 90 million user's privacy is at risk and also wrote an article on medium for explanation of the issues he found. Follow the thread to know the REALITY of so called security issues.
Read the bold part (that speaks the important part in brief) in tweets ahead in this thread.
That is an intentional feature of the application and it provides you number of nearby users, covid-19 positive users etc and NOT their identities. Also the radius for which you can ask this data has only few values : 500m, 1Km, 2Km, 5Km, 10Km only.
Read 18 tweets
Looks like #mAadhaar is back in news again because of @fs0c131y . For those who are wondering, what the problem is with the OTP code, of mAadhaar, a short primer follows: 👇
1. Clients need secrets to talk with servers. Usually clients need to authenticate themselves. (Password).
2. In this case, the password is the OTP. Unlike a password, which is in *your head*, the OTP is a dynamic password sent to the phone via SMS. So if OTP is revealed?
3. Whoever gets the OTP, becomes you. This is not new type of attack, but one that we see on Banking all the time. So what does mAadhaar use OTP for?
4. It exchanges a secret with the Android App. And the secret is then used to generate VID, TOTP etc.
Read 8 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!